While the UK’s busy nabbing alleged Anonymous members who like to pretend that they’re teenage girls, the Department of Homeland Security’s worried about their angry at-large cohorts over on the US side of the pond. In fact, DHS National Cybersecurity and Communications Integration Center is pretty concerned about the threat of an Anonymous attack against the financial industry. Today, the NCCIC issued a security bulletin warning financial institutions that Anon is trying to "solicit ideologically dissatisfied, sympathetic employees" over to the dark side.
There has been an alarming increase in scareware over the last couple of years. Google, which in 2010 ascertained 15% of all malware to be of the scareware variety, has begun notifying search users about a new strain of malware, which is thought to have been delivered to around a couple million PCs hidden inside fake antivirus software. According to the company, the said malware “causes infected computers to send traffic to Google through a small number of intermediary servers called ‘proxies’”. Hit the jump for more.
Uggghh. I should have known better, but there I was, staring at a bright-red screen in my Google Chrome tab that was trying to impress upon me—as much as a software browser could sans digital kick to the butt—that the popular tech news site I was about to visit was riddled with some kind of malware.
“Impossible,” I thought to myself. “There’s no way that this, a common site I frequent on a near-daily basis, could have anything to do with nefarious crap trying to install itself on my PC.”
Yes, the phrasing of my thoughts really does come out like that. So does my stubbornness. For rather than heed Google’s warning that the site I was about to visit was about to unleash a world of hurt on my system, I calmly told my browser that I was comfortable proceeding on my own (damnit).
I clicked the link, read my news and… was thrilled to find a new “Security Center” malware now popping up out of my taskbar about once every five minutes. Sigh. Before I could even turn to one of the many “get the heck off my system” tools that I keep installed for such measures, my entire screen went blue.
So, what do you use to clean your PC... aside from a baseball bat?
It issued the warning on its website, in what appears to be a less-frequented section, and opted against directly contacting the users. The company began its statement by downplaying the security breach: “as is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database.”
It claims to have taken the necessary “corrective steps” immediately after discovering the security breach. It has asked users to reset their passwords on their own, though they will eventually be forced to make the change. The company says that the exposed data includes user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Resumes and sensitive data is said to be safe.
Monster.com has also advised users that they need to be more vigilant and watch out for specious emails claiming to be from the company.
Symantec has issued yet another warning related to a vulnerability in MS Access that was acknowledged by Microsoft last month. Symantec has warned that Internet Explorer 6 is more vulnerable to this threat than subsequent versions. It had earlier unearthed an update to the diabolical Neosploit kit that has made it easier for even neophyte hackers to exploit the chink in the MS Access armor.
There is still no news of a patch to fix the Snapshot Viewer ActiveX control that comes bundled with MS Access. This ActiveX control is being exploited by cyber interlopers to wrest control of computers. Symantec has advised users to set three kill bits for the Snapshot Viewer ActiveX control to prevent it from being activated.
Attackers are exploiting the threat using specially designed websites that hideously download malicious code. Since the ActiveX control bears Microsoft's digital signature, those users who have rated MS to be a trustworthy software publisher in their IE settings might very quietly have their systems compromised
Microsoft hasn’t come up with a fix for this bug yet. Though Microsoft says that attacks are targeted and not widespread, you are advised to breeze through the terse list of suggested actions posted by Microsoft and mitigate the risk.